使用客户端证书的自定义 urllib 开启器 [英] Custom urllib opener that uses client certificates
问题描述
我有一个必须使用的 API.API 受 HTTPS 保护并使用相互身份验证/客户端证书.我有一个 PEM 文件和一个 CRT 文件.
I have got an API that I have to work with. The API is secured by HTTPS and uses mutual authentication/client certificates. I have a PEM file and a CRT file.
当我定期连接服务器时,使用PyOpenSSL我没有问题,代码如下:
When I connect to the server regularly, using PyOpenSSL I have no problem, here is the code:
import settings
from OpenSSL import SSL
import socket
def verify(conn, cert, errnum, depth, ok):
# This obviously has to be updated
print 'Got certificate: %s' % cert.get_subject()
return ok
def password_callback(maxlen, verify, extra):
print (maxlen, verify, extra)
return settings.DEPOSIT_CODE
context = SSL.Context(SSL.SSLv23_METHOD)
context.set_verify(SSL.VERIFY_NONE, verify)
context.set_passwd_cb(password_callback)
context.use_certificate_file(settings.CLIENT_CERT_FILE)
context.use_privatekey_file(settings.PEM_FILE)
sock = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
sock.connect(("someserver.com",443))
http_get_request = """
GET / HTTP/1.1
"""
sock.write(http_get_request)
print sock.recv(1000)
但是,因为这是一个带有客户端证书的 HTTPS API,我已经为它实现了一个 opener,以某种方式修改的代码在这里:
But, because this is an HTTPS API with client certificate, I have implemented an opener for it, the code somehow modified is here:
import settings
import socket
import urllib2
def verify(conn, cert, errnum, depth, ok):
# This obviously has to be updated
print 'Got certificate: %s' % cert.get_subject()
return ok
def password_callback(maxlen, verify, extra):
print (maxlen, verify, extra)
return settings.DEPOSIT_CODE
class MyHTTPSConnection(httplib.HTTPSConnection):
def connect(self):
context = SSL.Context(SSL.SSLv23_METHOD)
context.set_passwd_cb(password_callback)
context.use_certificate_file(settings.CLIENT_CERT_FILE)
context.set_verify(SSL.VERIFY_NONE, verify)
context.use_privatekey_file(settings.PEM_FILE)
self.sock = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
class MyHTTPSHandler(urllib2.HTTPSHandler):
def https_open(self,req):
return self.do_open(MyHTTPSConnection,req)
opener = urllib2.build_opener(urllib2.HTTPHandler,MyCHTTPSHandler)
urllib2.install_opener(opener)
f = urllib2.urlopen("https://sampleapiserver.com")
print f.code
但是当我运行第二个代码时,出现以下错误:
but when I run the second code, I get the following error:
File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib/python2.6/urllib2.py", line 391, in open
response = self._open(req, data)
File "/usr/lib/python2.6/urllib2.py", line 409, in _open
'_open', req)
File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain
result = func(*args)
File "network.py", line 37, in https_open
return self.do_open(IRNICHTTPSConnection,req)
File "/usr/lib/python2.6/urllib2.py", line 1142, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib/python2.6/httplib.py", line 914, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.6/httplib.py", line 951, in _send_request
self.endheaders()
File "/usr/lib/python2.6/httplib.py", line 908, in endheaders
self._send_output()
File "/usr/lib/python2.6/httplib.py", line 780, in _send_output
self.send(msg)
File "/usr/lib/python2.6/httplib.py", line 759, in send
self.sock.sendall(str)
OpenSSL.SSL.Error: [('SSL routines', 'SSL_write', 'uninitialized')]
最后,我做错了什么吗?如果没有,请帮助我理解错误...
Finally, am I doing something wrong? If not, please help me understand the error...
干杯.
推荐答案
我不确定 - 但在我看来,您好像没有在 connect() 方法中执行 connect() 调用:
I'm not sure - but it looks to me like you are missing doing the connect() call in the connect() method:
self.sock.connect(("someserver.com",443))
还有 httplib 的 https 处理具有 SSL 套接字的包装类,所以也许这些是它工作所必需的?
Also httplib's https handling has wrapper classes for the SSL socket, so maybe those are required for it to work?
这篇关于使用客户端证书的自定义 urllib 开启器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
